Data Governance Act proposal: more trust in data intermediaries could spell greater ease for product innovation
The European Commission has set out its proposal for the Data Governance Act (DGA) to increase the EU’s competitiveness on the world stage by encouraging the safe sharing of data between businesses and making public sector data available for re-use.
The key aim of this proposed regulation is to harbour trust in data intermediaries and to encourage the sharing of data between public bodies and businesses. It is also to strengthen the mechanisms used for data sharing across the EU. It is intended to ensure Europe is at the forefront of pioneering for the innovative development of products and services in Europe.
What are data intermediaries and what do they do?
Data intermediaries are organisations acting as the middle man between entities sharing data and those accessing it. The service offering of such organisations is widely encompassing covering various activities that help facilitate the sharing and accessing of data. These include providing tools and expertise for the exchange of data, or acting as a mediator in negotiations on data sharing arrangements.
The DGA sets out the following key proposals:
- The setting of conditions to allow for the re-use of data, and the benefits arising therefrom. Currently, data that is subject to third party rights often cannot readily be made available for re-use, and many Member States do not have appropriate processes and mechanisms to allow for the re-use of data which means the benefit gained from sharing data is missed out on. The conditions therefore aim to allow for the use of data held by the public sector without restricting competition for businesses.
- Requiring Member States have a designated body that will assist public sector bodies that share data. This includes providing a secure processing environment, and technical support to ensure that the privacy of data shared is upheld such as by the use of pseudonymisation.
- The European Data Innovation Board to include, amongst others, representatives of competent authorities of Member States along with the European Data Protection Board. The purpose is to advise and assist the European Commission on ensuring a consistent and efficient practice for data sharing.
Although unclear when this Act will enter into force, it is proposed that the entities providing data sharing services will have two years to ensure they comply with the obligations set out.
Impact on businesses
These proposals will be particularly relevant to product manufacturers as they have the potential to create easier and greater access to valuable data that can be leveraged to produce safer and more efficient products, and to maintain and increase market share whilst decreasing the number of complaints and product liability claims.
There is, however, the added issue of complexity and cost involved in the drafting and enforcing of model contract clauses used when transferring data to a country outside the EU. It is unclear whether the European Commission will provide model contractual clauses in the same way as Standard Contractual Clauses as in the GDPR.
This could further give rise to litigation risks if contractual disputes arise over such contractual wording. For example, if the recipient uses the data contrary to the wording the provider understood it to be.
The DGA is an important and welcome proposal for product designers and manufacturers as the data the public sector holds can be used to assist in identifying areas for improvement in product safety, for example, by analysing data concerning complaints held by regulators and watchdogs.
The proposals also stand to be useful in encouraging businesses to be more open with sharing data which is hoped will translate to the development of more innovative products as the DGA regulates the data intermediaries themselves. This allows for businesses to worry less about losing a competitive advantage by sharing their data and more on improving the products and services they offer.
That said, product manufacturers should be alive to the potential for disputes between contracting parties to data transfers especially if model clauses are unclear or poorly drafted. Updates on the progress of these proposals should therefore be monitored by product manufacturers with the assistance of their legal counsel.